Querying a vCenter Appliance (VCSA) with a Non-Root Account

While Movere can still query a VCSA with its root account, there are situations where using this account is not an option. Movere now supports the use of non-root accounts. The steps below detail how to create a non-root account on a VCSA for Movere to use to gather the required data.

IMPORTANT: The user account created on the VCSA and the account granted access to Postgres MUST have the same password. If the passwords do not match then the scan will fail.

Assign a strong password to the account: ALTER USER movere PASSWORD 'MUST USE THE SAME PWD USED ABOVE';

Connect to database VCDB: \connect VCDB

Grant the movere account read only access to query VCDB:

GRANT USAGE ON SCHEMA vc TO movere;

GRANT SELECT ON ALL TABLES IN SCHEMA vc TO movere;
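Before leaving the Postgres session, the grants can be checked against the read-only intent. The queries below are an added example, not part of the Movere documentation; they assume the role name movere and the schema vc used on this page, and that they are run as the Postgres administrator while connected to VCDB.

```sql
-- Added verification example (not from the vendor documentation).
-- Assumes role "movere" and schema "vc" as named in the steps on this page.

-- 1. Role attributes: every flag should be false (f) for a read-only scan account.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolreplication
FROM pg_roles
WHERE rolname = 'movere';

-- 2. Schema-level rights: USAGE should be true, CREATE should be false.
SELECT has_schema_privilege('movere', 'vc', 'USAGE')  AS can_use_schema,
       has_schema_privilege('movere', 'vc', 'CREATE') AS can_create_in_schema;

-- 3. Tables in vc where movere holds any write privilege, whether granted
--    directly, through PUBLIC, or through role membership. Expect zero rows.
SELECT t.schemaname, t.tablename
FROM pg_tables AS t
WHERE t.schemaname = 'vc'
  AND has_table_privilege(
        'movere',
        quote_ident(t.schemaname) || '.' || quote_ident(t.tablename),
        'INSERT, UPDATE, DELETE, TRUNCATE');

-- 4. Tables in vc that movere cannot read. Expect zero rows.
--    GRANT ... ON ALL TABLES only covers tables that exist when it runs,
--    so tables created later show up here until the grant is repeated.
SELECT t.schemaname, t.tablename
FROM pg_tables AS t
WHERE t.schemaname = 'vc'
  AND NOT has_table_privilege(
        'movere',
        quote_ident(t.schemaname) || '.' || quote_ident(t.tablename),
        'SELECT');
```

Rows returned by query 3 mean the account can modify vCenter data and the extra privilege should be revoked before scanning.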

Exit the Postgres database by entering the \q command.

Exit the pi shell: exit

From the Movere Console select the ‘vCenter Appliances’ option from the ‘Getting Started’ tab.

On the vCenter Appliances tab use the ‘Add’ button to enter the name or IP address of your vCenter Appliance. When prompted for credentials, provide the username and password of the user account created above.

From the ‘Upload to Cloud’ tab confirm that the upload is set to Yes if you want the payload to automatically be uploaded to Movere. Selecting No will still perform the scan, but the payload generated will need to be uploaded manually.

From the ‘Initiate Scan’ tab select ‘Scan’ to complete the VCSA scan using a non-root account.